Posted
by
msmash
on Tuesday January 09, 2018 @12:01PM
from the debate-resumes dept.

The inability of law enforcement authorities to access data from electronic devices due to powerful encryption is an "urgent public safety issue," FBI Director Christopher Wray said on Tuesday in remarks that sought to renew a contentious debate over privacy and security. From a report: The FBI was unable to access data from nearly 7,800 devices in the fiscal year that ended Sept. 30 with technical tools despite possessing proper legal authority to pry them open, a growing figure that impacts every area of the agency's work, Wray said during a speech at a cyber security conference in New York. "This is an urgent public safety issue," Wray added, while saying that a solution is "not so clear cut."

You mean think of the children which (some of) our elected officials want to diddle? Yes, seriously. Maybe the FIB should be looking into that instead of allowing us to be secure in our papers and effects. How the mighty have felon.

I don't see it all that short term thinking. This is definitely part of a larger picture, a longer termed plan.

Get this wedge in now, this idea that some authority should have all the keys to the encryption kingdom, and it should be easier to keep it there when the next privacy scheme comes along. Otherwise it's a doubly hard fight the next time. You have to convince more people that the authorities are correct to want it. Do it now, when it is of less concern.

Breakable encryption is no encryption at all. I guess the 3 letter agencies want to back-door themselves to indeterminism along with the whole world just because they think it'll give them that last 2% of control. Perhaps they don't realize what an asymptote maximizing control is. (With an emphasis on the as)

Hell, on the other hand, they may already actually really have it all broken, and the TLA's are doing a very smart thing...bitching that they can't get into devices to give everyone a false sense of security.

If encryption is breakable with a large amount of effort, then it does several useful things...

The definition of a "large amount of effort" regarding computing resources is neither static nor simple. "Large" for LAPD? "Large" for a Chinese bitcoin mine? "Large" for the FBI? "Large" after 5 years of advancements?

Strong encryption is usually measured by the energy requirements on an ideal computer. If those energy requirements are on the order of the total energy released from a star over its entire life then it is strong. If it is something that is a sizeable portion of a nation state's total annual energy usage then it isn't strong. Very smart people are figuring out better ways to crack codes so the energy requirement for any cipher do decrease over time until they are so low that DES was cracked in under a day on a $200,000 machine in 2002.

Here is a nice little excerpt from Bruce Schneier's book Applied Cryptography that puts things in perspective on how to think about it. As an added bonus there is the phrase "orgy of computation" included:

One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)

Given that k = 1.38×10-16 erg/Kelvin, and that the ambient temperature of the universe is 3.2 Kelvin, an ideal computer running at 3.2 K would consume 4.4×10^-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

Now, the annual energy output of our sun is about 1.21×10^41 ergs. This is enough to power about 2.7×10^56 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.

But that's just one star, and a measly one at that. A typical supernova releases something like 10^51 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

In fact the story goes back to 1975 (at least). That's when Diffie and Hellman found themselves battling the NSA, which wanted DES to be accepted as the encryption standard simply because NSA could crack it.

I strongly oppose government efforts to weaken our protections. I'm relying on unbreakable encryption in my own campaign, notably in my plans to end identity theft and increase voter participation. The most-powerful encryption ever used has been the spoken word, in closed quarters, with a soft noise generator to prevent electronic surveillance: no record of communications. Written and then pulped notes. Anything that destroys the data.

I haven't translated these plans to my new site [johnmoserforcongress.com] yet. I need to, but I've been working alone. My political competitor, Elijah Cummings, has expressed no interest in protecting our privacy from domestic spying.

To be honest, I don't think he's exactly wrong to say that unbreakable encryption is a public safety issue. It's an issue. It's an issue we can debate and think about and talk about. If encryption is unbreakable, then it makes it harder for law enforcement to do certain things that they might validly want to do.

On the other hand, if people can't encrypt their data (or that encryption is breakable), then it creates an entirely different set of problems. People can't safeguard their data or protect their systems. It increases the vulnerability of our infrastructure. It increases the chances that criminals and terrorists can gain access to important and private information.

There are going to be real valid problems either way. There should be open discussions about what all of those problems are, and how we can mitigate them. But ultimately, I don't think breakable encryption (or backdoored encryption) is a viable long-term option, even if we were willing to live in a police state. The ability to break or circumvent encryption will inevitably fall into the hands of criminals.

To be honest, I don't think he's exactly wrong to say that unbreakable encryption is a public safety issue. It's an issue. It's an issue we can debate and think about and talk about. If encryption is unbreakable, then it makes it harder for law enforcement to do certain things that they might validly want to do.

On the other hand, if people can't encrypt their data (or that encryption is breakable), then it creates an entirely different set of problems. People can't safeguard their data or protect their systems. It increases the vulnerability of our infrastructure. It increases the chances that criminals and terrorists can gain access to important and private information.

There are going to be real valid problems either way. There should be open discussions about what all of those problems are, and how we can mitigate them. But ultimately, I don't think breakable encryption (or backdoored encryption) is a viable long-term option, even if we were willing to live in a police state. The ability to break or circumvent encryption will inevitably fall into the hands of criminals.

You want to have open discussions? Fine. We'll start with dismantling the FISA court system that seeks to hide Unconstitutional activity.

I agree, there are issues on both sides. No one is debating the existence of a Catch-22 here. The real problem is those who are asking for the keys to the kingdom cannot be trusted to respect The People or their Constitutional Rights. THAT is the real issue to address.

We don't get much data on the FISA courts. What we get shows the promises made to be pure, unmitigated bullshit.

The FISA judges are supposed to be holding the government to standards. They are FAILING, based on 100% FISA court warrant issue rate reported for the initial years of operation.

Rubber stamp court should be abolished immediately, all warrants quashed. All records publicly reviewed and any perjury by feds (or anybody else) prosecuted to _full_ extent of law (after a period of a few years).

I can dream can't I? Not a crime to dream of justice for the justice department, at least not yet.

To be honest, I don't think he's exactly wrong to say that unbreakable encryption is a public safety issue. It's an issue.

He's absolutely correct that it's a public safety issue. The last century taught us (those who were paying attention, at least) that authoritarian government is the biggest public safety issue that has ever existed, save for maybe the bubonic plague. So, sorry FBI, the bottom line is that we have bigger fish to fry than "encryption".

I'd also wager that the 1st amendment protects encryption. I can communicate using any language I wish. In this case, I communicate in AES256. If you don't understand it, that's on you to figure out and not up to me to explain it to you. Also, I agree 100%, unbreakable encryption is not going to go away - the genie is already out of the bottle.

I have always viewed the issue around encryption and law enforcement as one of, does someone have to assist prosecutes in prosecuting them? So do I have to interpret data for those who want to use it against me as that is what one is doing? They have the data, just because they can't figure it out doesn't mean I have to help them.

My biggest problem with "them" having the keys to the entire kingdom is "they" have repeatedly demonstrated a lack of accountability, complete disregard to law when not being immediately scrutinized, and just the basic ability to keep the keys they already have, safe.
Other than that, what's the problem?

Even if you assume that they'll do their jobs perfectly, there would still the problem that any back door is essentially guaranteed to eventually be discovered by bad actors and used against the public at large. If the NSA gets their way, we won't be able to do banking online, because it won't be possible to secure the transactions. We won't be able to use credit cards at stores, because it won't be possible to secure the transactions. Basically, imagine a global information apocalypse, and then multipl

this idea that some authority should have all the keys to the encryption kingdom

Much as I don't like this idea myself, it is not new.

The Fourth Amendment explicitly allows the Executive Branch — after securiing Judicial Branch's approval — to access all of our possessions and "effects". They have a right to do that, which no one seems to seriously dispute.

The strong encryption has given us the means to lock things up so that even the government can't get them — this part is new. Although t

While correct, you're missing the point. Ciphers have been around for a very, very long time. They weren't used as extensively in the past as they are today. But they've been around throughout history. A quick wikipedia search references Egyptian hieroglyphs for example. The technology progressed over time and the cost to break the encrypted text increased over time to what we have today.

Nonetheless, encrypted communications were available when the constitution was written and they were in use. Yet the constitution makes no mention of preventing the citizens from using encrypted communications or in forcing the users to decrypt the documents on demand.

The federal government gave itself the rights mentioned, but did not choose to worry about the technology of the day providing documents that they could see, but couldn't decrypt without a lot of work or the help of one of the parties on either end of the transmission. They had just fought a revolution against a government that employed big brother tactics (like garrisoning soldiers in people's homes). They didn't want the government doing any of that type of crap anymore.

The FBI and others might really wish today that the writers had considered encryption, but they didn't choose to. The writer's generation relied on spies and good old footwork to figure things out. They didn't rely solely on documents. Good for them.

At least one of the founding fathers was well aware of strong cryptography and at the time made a cipher that was thought to be unbreakable [wikipedia.org] by some. By today's standards it is pretty weak but versions of it saw use into WWII [wikipedia.org] where it was used for securely transmitting near real-time info that if cracked a few hours or a day later by the enemy would be of no value.

You're still missing my point. An encrypted document in and of itself didn't make you a criminal in those days. The government may or may not have been able to decrypt it eventually, but the most it could do if intercepted was mark you as a person of interest for more resources to be allocated to. Then, if you actually broke the law, they could handle that within the limits of the rest of the amendments. The existence and contents of the original document weren't directly actionable.

The Fourth Amendment explicitly allows the Executive Branch â" after securiing Judicial Branch's approval â" to access all of our possessions and "effects". They have a right to do that, which no one seems to seriously dispute.
The strong encryption has given us the means to lock things up so that even the government can't get them â" this part is new. Although they still have the right to read your data, they no longer have the ability to do it.

If the FBI gets their way on this weak breakable encryption, it will have economic consequences for the US.

The other 96% of the world's population will know that they can't trust American products. They might make their own phones, systems, devices, etc even more secure against American TLAs. Thus accomplishing the opposite of what the TLAs want.

Aren't the majority of smartphones already made outside the US? Maybe all they need to do is build their own secure OS with secure encryption that the US won't like. Will the US stop people coming in with foreign made phones that are too secure?

What about economic consequences of American executives traveling abroad using insecure US made equipment and having valuable trade secrets stolen?

This. Even if it was mandated tomorrow that all encrypted communications shall use X cipher to which the government has a backdoor and through magic psychic software it actually cannot be decrypted without proper cause and judicial review, there's not anything that would prevent the payload from being encrypted again using a different system, and there would be no way to tell without actually decrypting the outer wrapper.

People said that when television first went to satellites. Back in the '80;s, home satellite TV boxes had card readers (just like credit cards) that had all your data id: channel and subscription info, on them. Possession of card readers, used by hackers to read/write their own cards, even for legitimate purposes (like making library cards on the same technology) became a crime - So too did even the "knowledge" of how the readers worked. It was a crime to post or share data layouts or how the hardware functioned. When a society reaches a point where it accepts that knowledge itself is a crime, essentially, outlawing ideas, the notion of "freedom" from there on is nothing more than veneer.

Also, no amount of wishing will put the AES-256 toothpaste back in the tube. Because, math.

Which is exactly why I would like to outlaw specific types of math. Nobody needs anything larger than a 32-bit number for anything, nor a decimal point number. Let's ban floating point math and any number larger than 2^31 (for scientific use) and 2^29 (for economic use). This prevents strong encryption (remember that symmetric encryption can be done in far fewer bits than the FBI would like to allow). Problems solved for everyone.

I will grant Christopher Wray benefit of the doubt and interpret his words charitably - he must have meant it is public safety issue that more people don't use strong cryptography, potentially exposing sensitive data to FBI and other crooks.

What the law enforcement clambering for a back door or weaker encryption forget or fail to see is that the 7k cases they are talking about isn't even a drop in the bucket compared to the 17 million identity thefts each year

The real safety issue is the lack of respect our government has for the Constitution. I for one am not happy with the whole secret court, secret warrant and other "Patriot Act" nonsense. The government has immense power and only wants more and more. The most dangerous thing in any society is a government that forgets it rules for the people and not OVER them.

I guess I just wonder how the FBI made any other case, ever, without the ability to post-facto dig through any and all communication from the accused. It's not like secure communications are some new concept - it literally goes back many hundreds of years.

What did the FBI forget about investigation since the smartphone era began? And why?

The justice system in the US is for the most part adversarial. The prosecutors and police are on one side and the alleged criminals and their lawyers on the other. I think this works well in some cases. In other cases I think it doesn't work at all. In France and other places, there are no sides and what matters to the courts is that the truth gets out.

There are many cases where I think the French way is a better solution, such as organized crimes. Mafiosos, gangs, paedophile rings, etc should n

Encryption can be either secure or insecure. You can't have it both ways.

If secure, then the hackers can't break it, but neither can the government.

If insecure, then the government can read your data, but so can the hackers.

If US made products are known to have mandated weak encryption, the rest of the world will take note of that. It will put US products at a competitive disadvantage relative to other products not subject to mandatory weak encryption. US travelers abroad can have their valuable

I was going to say that if encryption had a backdoor between 0 and 0 children would have been saved, but then I thought about all the IoT devices that have been hacked recently. The truth is, with backdoor we would be putting thousands, tens of thousands, possibly even hundreds of thousands of children at risk.
Just ask Cisco how the government mandatedo backdoors worked for them and how much it cost them?

How about you drop the blanket sarcasm shield and put some rationale behind your opinions?

If 30% of the population enable optional encryption, and 70% do not. That's 70% of potential "dumb" criminals to be caught. 30% is still enough to prevent targeted monitoring, privacy channels remain intact and effective, and more crimes get solved. Over time, the news will spread, and the majority of people will consciously choose to enable encryption on their devices.

Yeah, but think of all the dumb ones that will be caught! We could also do something to make the smart ones dumb. Like put stuff in their water. Or make them read the comments on Slashdot. That way we will catch them all. Because they will be dumb. It will be like Idiocracy, but real.

The problem is that I doubt very much that the FBI/CIA/NSA will someday use this skill for any lawful reason, it is much, much more likely that it will use this ability to steal my industrial secrets (and sell them to some north-american firm) and spying on other nations.

Encryption is nothing new. All that's changed is that now ordinary people are using it too - not just people with something to hide. Odd that it's suddenly a problem - it's almost like the FBI has some ulterior motive.

What do you think is on these phones that is so important?- The last few numbers you dialed? They could easily get that from the phone provider- The last few locations you were at? Again, the phone provider can give that to you- The last few emails or text messages you sent? Again, providers will cooperate with a legitimate investigation

Criminals that are smart enough will not get caught by anything on their phone regardless of encryption. The only thing that they could want on these phones is in the pursui

No downvotes for you at the moment, so I'll have to settle for pointing out how stupid your argument is.

First, "think of the children" is a shitty, fear-mongering argument designed to play to people's base instincts, and trap them in a corner so they can't produce a good argument against you. How do you argue against protecting children without seeming like a monster?

Second, if there is a switch to flip, that can and will be abused. Between nation states and malware, if you want it on there's the chance that it will get turned off without your notice, and if you want it off there's a chance it will get turned on without your notice.

Third, enabling authorities to invisibly snoop on anyone not smart enough to turn on their encryption is stupid and wrong. It sets up an expectation that they can check in on anyone when they want to, and creates the "why are you encrypting if you have nothing to hide" line of thought.

Last, technology isn't some magic shit that prevents law enforcement from doing it's job. It's the opposite, actually. Not only can they can do the same damn job the same damn way as they always have, we now live in a world with cameras everywhere, face identification, cell phone tracking, OnStar and other car tracking and remote control abilities, etc., etc., etc.

Law enforcement already has orders of magnitude more tools with which to catch bad guys than they had even a decade ago. There is absolutely no reason to allow them invisibly monitor every facet of a large percentage of people's lives, data mine and machine learn, heuristically profile, and otherwise pry into their lives without a trace because there's a vanishingly small chance they might be up to something. I don't care how bad or stupid those people are - that's abusive fascist secret police shit right there.

You have the legal authority to pry them open. Get prying. Having the authority to try to open something doesn't give you the entitlement to open it. Unfortunately, it seems the top dog at the FBI does not understand this concept. It's also entirely the fault of the FBI and other government agencies with police powers that this encryption situation has gone in this direction. They made this bed and they must lie in it. No law can change the fundamental properties of mathematical operations, and good luck outlawing consumer encryption since every CPU being made nowadays (even Celerons and Atoms) has hardware AES and such strong encryption is ubiquitous. Combined with the epic failure and subsequent revelations of major flaws in the government's key escrow Clipper Chip, there is no way the FBI is killing off the spread of encryption.

It's not a matter of whether they understand the technology or not. They just don't give a damn. They want access to EVERYTHING, ALL THE TIME, and Constitional rights be damned. This is the true nature of the mind of your average law-enforcement type. Your 'rights', to them, are more like 'privileges, which can be granted and revoked at their will and whim, because they have guns.' This is why we're supposed to have checks and balances built into our criminal legal system, and this is why it's important to

Revealing an encryption password in your head is testimony and forcing that disclosure violates the Fifth Amendment; never mind other issues such as if the person legitimately forgot the password and so has no password to hand over. So yes, for encryption it works that way. I have yet to see anything to the contrary in the US.

Also, there is absolutely nothing I have ever seen anywhere that says you must hand over the keys to your house if someone has a search warrant. You may choose to do so instead of h

I remember back in the 90's or early 2000's someone said the CIA was intercepting ALL email in the USA,
and running it through a program that would look for key words or some such garbage.
I went into my signature file, using a WHITE FONT and put in my sig file about 20-30 words that
should have triggered something, just to hopefully screw with their program.
Probably didn't work, but it made me feel better.
Hey, I'm as law and order as the next guy, but MY PRIVACY IS MINE. You THINK I'm doing something
il

To be honest, Law Enforcement and their " kill everyone who doesn't comply with our demands " is an urgent Public Safety Issue.

Encryption, on the other hand, hasn't killed any innocent people as far as I know so I think their priorities are a bit skewed.

Back on topic:

Encryption, when properly inplemented, does exactly what it's supposed to do. It keeps unauthorized eyes off of private data. Just because you wear a badge doesn't give you the right to spy on everyone.

What puzzles me is, with all of the resources that the US federal government has at their disposal, why aren't they actually trying to crack encrypted phones?

As I understand it, the older iPhones could likely be cracked by desoldering a chio and interrogating it. The newer ones have their entire security apparatus encased in a single chip but I don't see why the chip couldn't be removed, disassembled, and its partial private key extracted. It's probably not something that could be done by hand and would probably involve contracting with a chip-fabricating outfit. The outlay costs would be enormous but once a "Federal Bureau of Device Recovery" was established and operational, they could make back money by cracking phones for state and local law enforcement.

It's just so strange because it seems likely that eventually other countries will have this capability, if they don't already. My guess is that if the FBI hasn't figured out how to crack encrypted iPhones themselves in the next 5 years, they'll be a company in Israel that will be happy to do it for them.

Decapping a chip is difficult, expensive and not guaranteed. Most TPMs and security-chips are almost impossible to open without damage.

Go look at the arcade-ROM decapping efforts. Even 30-year-old ROMs have protections that mean some games are now permanently lost forever, and the ones that are successful rely on "seeing" (via X-Ray etc.) the data as a visible effect on the image. That doesn't work for anything modern at all, you'd need new kinds of instruments or something to measure the individual charge on an individual transistor from billions of them on a tiny sliver of silicon.

Modern chips, especially those designed to be secure and avoid tampering? Not a chance. Nobody has yet demonstrated an attack on a modern TPM chip like that, and the private keys aren't exactly just sitting there in plain-text even if you could.

And then updating for EVERY technology change, nm-advancement, etc.? Cost would not just be prohibitive but astronomical.

Do you believe that those 7800 devices a year are all just one read away from stopping a terrorist attack each? Highly unlikely. If anything one arrest could result in 20-30 devices, not even worrying about whether it was a drug-deal or a telecoms violation or whatever else the FBI might deal with.

The value just isn't there, even if the technology could exist.

To my knowledge, literally NO-ONE in the world has read a key from a physical iPhone security chip, for instance. There have been software flaws, and things found in publicly available firmware that are quickly patched out but even those don't cause the processor to magically give up all its private keys. That's not how those chips work. Even Apple themselves may not be able to do it (only replace the device in question and reset it, not bring across the private keys).

This is part of the "problem". The system is secure. And that means secure from all attackers, including the people who want access to the devices for legitimate reasons (e.g. the owners in some cases!). If it wasn't, it would be insecure, against both those categories of people, and thus not be fit for purpose.

Sure, at some point, someone will find a hole. And then the next round will devices will counter that. But the FBI expecting to have something that nobody else in the world has, possibly even the manufacturer, which can only be given by weakening the whole purpose of the system for everyone, and for it to be cost-effective, to handle a boat load of enquiries that they presumably have NO OTHER evidence for? That's just silly.

I'm sure if it was "go to war or not" territory, someone would find a way. But there, no expense is spared. As a run of the mill "let's see what this terrorist suspect texted via WhatsApp" enquiry? Not a chance.

If they COULD do this, they would be. And they'd be keeping very quiet about it. Because the second it was public, every new phone, chip and computer would be redesigned to stop it in the future.

Lack of warrants. If they had the warrants to do that to these phones, they would've done it. The reason they want easy access is so that they can get arrests made without getting in trouble about breaking the phone. Right now, the phones are just bricks with potential damaging information on a presumably innocent suspect.

Although a well designed security chip won't be easy to break, they self-destruct when attempts are made to get physical access.

Because. What they REALLY want is different. They want unsupervised, unmonitored, warrantless access to all your data, any time. All the time. That is what this is actually about. Even if they need secret gag orders imposed upon tech companies. They want unmonitored access.

If they've got a wiretap warrant, then they can put a trojan on the suspects phone _before_ the arrest to gather evidence.Just send a 'copy all data to FBI server' command when you're ready to make the arrest so that even if the phone is locked/destroyed they've got the data.

The inability of law enforcement authorities to gain convictions due to legal rights is an “urgent public safety issue,” FBI Director Christopher Wray said on Tuesday in remarks that sought to renew a contentious debate over privacy and security.

No one has granted you carte blanche to access our data, our lives, our thoughts.

The big problem here is the effort to prevent a crime vs solving a crime.

The government, the police, the feds, etc. want access to prevent a crime, but that in itself is quite fluid because, as Trump is demonstrating, it can be a "crime" just to say he is a foolish, petulant child. So they want access to everything to "prevent" this kind of thing.

While I might support cracking something open for additional evidence to solve a crime, where at least one or more judges agree that a crime has been committed and where the courts can be used to argue whether or not to force the opening, I would never consent to allowing any so-called authority a pass key to dig around in my stuff in a preventative fishing expedition.

... that crime has increased exponentially in sync with the exponential rise in smart device sales.

Just kidding and stuff.

Today [fbi.gov], the FBI released its annual compilation of crimes reported to its Uniform Crime Reporting (UCR) Program by law enforcement agencies from around the nation. Crime in the United States, 2015 reveals a 3.9 percent increase in the estimated number of violent crimes and a 2.6 percent decrease in the estimated number of property crimes last year when compared to 2014 data.

According to the report, there were an estimated 1,197,704 violent crimes committed around the nation. While that was an increase from 2014 figures, the 2015 violent crime total was 0.7 percent lower than the 2011 level and 16.5 percent below the 2006 level.

While we want privacy and anonymity, we don't want it used for nefarious purposes. Such things tend to serve people generally but also terrorists, pedophiles, drug cartels, etc. I strongly believe we need a system that provides accountable anonymity, such as a Reputational Identity Service.

That is, create an identity that enables others it interacts with to rank its reputations along a rubric. This could be used for determining if the identity is a good citizen on comment boards, doesn't cheat people in business, etc. It could act as a form of credit check... Does the entity have a strong reputation for dependability in paying what it owes? Just like with ordinary credit, an identity would begin with no reputation and slowly build one over time. If the identity has a long history of being a certain way then the risk is low that that will change any time soon. This is true, even if the same person holds two identities--one for good and one for evil. You will know which one is safe to deal with, and how much it is..

Each person's must have a limit as to how much he/she can give to others, to prevent undue reputation inflation or deflation. So each time you score another, you have a percentage of your total to give and that takes away proportionally from those you have already given to. So one's reputation can build but it will also fade over time. One's reputation score is measured by its average over time... This is LIKES++.

On message boards, filter and allow privileges based on reputations. Do business based on reputations. Deny certain information based on reputation. Reputation may always be earned or lost.

Big brother also doesn't have to play nice and pretend he's the good guy anymore.

The Soviet Union protected our rights by its mere existence. At least as long as you didn't live there, of course, but as long as they existed, our regime had to act as if the Reds are the only ones who would ever do something like this to their population.